[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Gaping hole in Google service exposes thousands to ID theft
By John Lettice
8th November 2012
Exclusive -- A security flaw accessible via Google's UK motor insurance
aggregator Google Compare has potentially exposed vast numbers of
drivers to identity theft.
The vulnerability, the existence of which has been verified by The
Register, made it possible for comprehensive personal details -
including names, addresses, phone numbers and job - to be harvested at
Information about the flaw was passed to The Register last week by a
source who wishes to remain anonymous, but who is familiar with motor
insurance aggregation systems. The data could be accessed via a simple
edit of a motor insurance proposal form. The Register created a
fictitious motorist for this purpose, and completed an online proposal
form using Google Compare.
Google Compare sends this form to numerous underwriters - there can be
at least 100 of these - and then Google offers you details of the
companies that wish to offer a quote, together with their prices.
Some of these companies' quotes, however, can be illicitly accessed.
After we had made a simple edit to a vulnerable document, we were no
longer viewing our own proposal form, but those of unrelated
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!